<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

body {
  font-size: 13px;
  padding: 1em;
}

h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

h1, h2, h3, p {
  font-family: Arial, sans serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

.toc_element {
  margin-top: 0.5em;
}

.firstline {
  margin-left: 2 em;
}

.method  {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

.details {
  font-weight: bold;
  font-size: 14px;
}

</style>

<h1><a href="accesscontextmanager_v1beta.html">Access Context Manager API</a> . <a href="accesscontextmanager_v1beta.accessPolicies.html">accessPolicies</a> . <a href="accesscontextmanager_v1beta.accessPolicies.servicePerimeters.html">servicePerimeters</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
  <code><a href="#close">close()</a></code></p>
<p class="firstline">Close httplib2 connections.</p>
<p class="toc_element">
  <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Create a Service Perimeter. The longrunning operation from this RPC will have a successful status once the Service Perimeter has propagated to long-lasting storage. Service Perimeters containing errors will result in an error response for the first error encountered.</p>
<p class="toc_element">
  <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
<p class="firstline">Delete a Service Perimeter by resource name. The longrunning operation from this RPC will have a successful status once the Service Perimeter has been removed from long-lasting storage.</p>
<p class="toc_element">
  <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Get a Service Perimeter by resource name.</p>
<p class="toc_element">
  <code><a href="#list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
<p class="firstline">List all Service Perimeters for an access policy.</p>
<p class="toc_element">
  <code><a href="#list_next">list_next()</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
  <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
<p class="firstline">Update a Service Perimeter. The longrunning operation from this RPC will have a successful status once the changes to the Service Perimeter have propagated to long-lasting storage. Service Perimeter containing errors will result in an error response for the first error encountered.</p>
<h3>Method Details</h3>
<div class="method">
    <code class="details" id="close">close()</code>
  <pre>Close httplib2 connections.</pre>
</div>

<div class="method">
    <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>
  <pre>Create a Service Perimeter. The longrunning operation from this RPC will have a successful status once the Service Perimeter has propagated to long-lasting storage. Service Perimeters containing errors will result in an error response for the first error encountered.

Args:
  parent: string, Required. Resource name for the access policy which owns this Service Perimeter. Format: `accessPolicies/{policy_id}` (required)
  body: object, The request body.
    The object takes the form of:

{ # `ServicePerimeter` describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the `ServicePerimeter`. If a request with a source within this `ServicePerimeter` has a target outside of the `ServicePerimeter`, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud project can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members, a single Google Cloud project may belong to multiple Service Perimeter Bridges.
  &quot;description&quot;: &quot;A String&quot;, # Description of the `ServicePerimeter` and its use. Does not affect behavior.
  &quot;name&quot;: &quot;A String&quot;, # Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
  &quot;perimeterType&quot;: &quot;A String&quot;, # Perimeter type indicator. A single project is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, restricted/unrestricted service lists as well as access lists must be empty.
  &quot;status&quot;: { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that describe specific Service Perimeter configuration. # Current ServicePerimeter configuration. Specifies sets of resources, restricted/unrestricted services and access levels that determine perimeter content and boundaries.
    &quot;accessLevels&quot;: [ # A list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `&quot;accessPolicies/MY_POLICY/accessLevels/MY_LEVEL&quot;`. For Service Perimeter Bridge, must be empty.
      &quot;A String&quot;,
    ],
    &quot;resources&quot;: [ # A list of Google Cloud resources that are inside of the service perimeter. Currently only projects are allowed. Format: `projects/{project_number}`
      &quot;A String&quot;,
    ],
    &quot;restrictedServices&quot;: [ # Google Cloud services that are subject to the Service Perimeter restrictions. Must contain a list of services. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter&#x27;s access restrictions.
      &quot;A String&quot;,
    ],
    &quot;unrestrictedServices&quot;: [ # Google Cloud services that are not subject to the Service Perimeter restrictions. Deprecated. Must be set to a single wildcard &quot;*&quot;. The wildcard means that unless explicitly specified by &quot;restricted_services&quot; list, any service is treated as unrestricted.
      &quot;A String&quot;,
    ],
    &quot;vpcAccessibleServices&quot;: { # Specifies how APIs are allowed to communicate within the Service Perimeter. # Beta. Configuration for APIs allowed within Perimeter.
      &quot;allowedServices&quot;: [ # The list of APIs usable within the Service Perimeter. Must be empty unless &#x27;enable_restriction&#x27; is True. You can specify a list of individual services, as well as include the &#x27;RESTRICTED-SERVICES&#x27; value, which automatically includes all of the services protected by the perimeter.
        &quot;A String&quot;,
      ],
      &quot;enableRestriction&quot;: True or False, # Whether to restrict API calls within the Service Perimeter to the list of APIs specified in &#x27;allowed_services&#x27;.
    },
  },
  &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a network API call.
  &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
  &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
    &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
    &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
      {
        &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
      },
    ],
    &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
  },
  &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
  },
  &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
  &quot;response&quot;: { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
  },
}</pre>
</div>

<div class="method">
    <code class="details" id="delete">delete(name, x__xgafv=None)</code>
  <pre>Delete a Service Perimeter by resource name. The longrunning operation from this RPC will have a successful status once the Service Perimeter has been removed from long-lasting storage.

Args:
  name: string, Required. Resource name for the Service Perimeter. Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}` (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a network API call.
  &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
  &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
    &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
    &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
      {
        &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
      },
    ],
    &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
  },
  &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
  },
  &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
  &quot;response&quot;: { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
  },
}</pre>
</div>

<div class="method">
    <code class="details" id="get">get(name, x__xgafv=None)</code>
  <pre>Get a Service Perimeter by resource name.

Args:
  name: string, Required. Resource name for the Service Perimeter. Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}` (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # `ServicePerimeter` describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the `ServicePerimeter`. If a request with a source within this `ServicePerimeter` has a target outside of the `ServicePerimeter`, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud project can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members, a single Google Cloud project may belong to multiple Service Perimeter Bridges.
  &quot;description&quot;: &quot;A String&quot;, # Description of the `ServicePerimeter` and its use. Does not affect behavior.
  &quot;name&quot;: &quot;A String&quot;, # Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
  &quot;perimeterType&quot;: &quot;A String&quot;, # Perimeter type indicator. A single project is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, restricted/unrestricted service lists as well as access lists must be empty.
  &quot;status&quot;: { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that describe specific Service Perimeter configuration. # Current ServicePerimeter configuration. Specifies sets of resources, restricted/unrestricted services and access levels that determine perimeter content and boundaries.
    &quot;accessLevels&quot;: [ # A list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `&quot;accessPolicies/MY_POLICY/accessLevels/MY_LEVEL&quot;`. For Service Perimeter Bridge, must be empty.
      &quot;A String&quot;,
    ],
    &quot;resources&quot;: [ # A list of Google Cloud resources that are inside of the service perimeter. Currently only projects are allowed. Format: `projects/{project_number}`
      &quot;A String&quot;,
    ],
    &quot;restrictedServices&quot;: [ # Google Cloud services that are subject to the Service Perimeter restrictions. Must contain a list of services. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter&#x27;s access restrictions.
      &quot;A String&quot;,
    ],
    &quot;unrestrictedServices&quot;: [ # Google Cloud services that are not subject to the Service Perimeter restrictions. Deprecated. Must be set to a single wildcard &quot;*&quot;. The wildcard means that unless explicitly specified by &quot;restricted_services&quot; list, any service is treated as unrestricted.
      &quot;A String&quot;,
    ],
    &quot;vpcAccessibleServices&quot;: { # Specifies how APIs are allowed to communicate within the Service Perimeter. # Beta. Configuration for APIs allowed within Perimeter.
      &quot;allowedServices&quot;: [ # The list of APIs usable within the Service Perimeter. Must be empty unless &#x27;enable_restriction&#x27; is True. You can specify a list of individual services, as well as include the &#x27;RESTRICTED-SERVICES&#x27; value, which automatically includes all of the services protected by the perimeter.
        &quot;A String&quot;,
      ],
      &quot;enableRestriction&quot;: True or False, # Whether to restrict API calls within the Service Perimeter to the list of APIs specified in &#x27;allowed_services&#x27;.
    },
  },
  &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
}</pre>
</div>

<div class="method">
    <code class="details" id="list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</code>
  <pre>List all Service Perimeters for an access policy.

Args:
  parent: string, Required. Resource name for the access policy to list Service Perimeters from. Format: `accessPolicies/{policy_id}` (required)
  pageSize: integer, Number of Service Perimeters to include in the list. Default 100.
  pageToken: string, Next page token for the next batch of Service Perimeter instances. Defaults to the first page of results.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A response to `ListServicePerimetersRequest`.
  &quot;nextPageToken&quot;: &quot;A String&quot;, # The pagination token to retrieve the next page of results. If the value is empty, no further results remain.
  &quot;servicePerimeters&quot;: [ # List of the Service Perimeter instances.
    { # `ServicePerimeter` describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the `ServicePerimeter`. If a request with a source within this `ServicePerimeter` has a target outside of the `ServicePerimeter`, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud project can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members, a single Google Cloud project may belong to multiple Service Perimeter Bridges.
      &quot;description&quot;: &quot;A String&quot;, # Description of the `ServicePerimeter` and its use. Does not affect behavior.
      &quot;name&quot;: &quot;A String&quot;, # Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
      &quot;perimeterType&quot;: &quot;A String&quot;, # Perimeter type indicator. A single project is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, restricted/unrestricted service lists as well as access lists must be empty.
      &quot;status&quot;: { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that describe specific Service Perimeter configuration. # Current ServicePerimeter configuration. Specifies sets of resources, restricted/unrestricted services and access levels that determine perimeter content and boundaries.
        &quot;accessLevels&quot;: [ # A list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `&quot;accessPolicies/MY_POLICY/accessLevels/MY_LEVEL&quot;`. For Service Perimeter Bridge, must be empty.
          &quot;A String&quot;,
        ],
        &quot;resources&quot;: [ # A list of Google Cloud resources that are inside of the service perimeter. Currently only projects are allowed. Format: `projects/{project_number}`
          &quot;A String&quot;,
        ],
        &quot;restrictedServices&quot;: [ # Google Cloud services that are subject to the Service Perimeter restrictions. Must contain a list of services. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter&#x27;s access restrictions.
          &quot;A String&quot;,
        ],
        &quot;unrestrictedServices&quot;: [ # Google Cloud services that are not subject to the Service Perimeter restrictions. Deprecated. Must be set to a single wildcard &quot;*&quot;. The wildcard means that unless explicitly specified by &quot;restricted_services&quot; list, any service is treated as unrestricted.
          &quot;A String&quot;,
        ],
        &quot;vpcAccessibleServices&quot;: { # Specifies how APIs are allowed to communicate within the Service Perimeter. # Beta. Configuration for APIs allowed within Perimeter.
          &quot;allowedServices&quot;: [ # The list of APIs usable within the Service Perimeter. Must be empty unless &#x27;enable_restriction&#x27; is True. You can specify a list of individual services, as well as include the &#x27;RESTRICTED-SERVICES&#x27; value, which automatically includes all of the services protected by the perimeter.
            &quot;A String&quot;,
          ],
          &quot;enableRestriction&quot;: True or False, # Whether to restrict API calls within the Service Perimeter to the list of APIs specified in &#x27;allowed_services&#x27;.
        },
      },
      &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
    },
  ],
}</pre>
</div>

<div class="method">
    <code class="details" id="list_next">list_next()</code>
  <pre>Retrieves the next page of results.

        Args:
          previous_request: The request for the previous page. (required)
          previous_response: The response from the request for the previous page. (required)

        Returns:
          A request object that you can call &#x27;execute()&#x27; on to request the next
          page. Returns None if there are no more items in the collection.
        </pre>
</div>

<div class="method">
    <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
  <pre>Update a Service Perimeter. The longrunning operation from this RPC will have a successful status once the changes to the Service Perimeter have propagated to long-lasting storage. Service Perimeter containing errors will result in an error response for the first error encountered.

Args:
  name: string, Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`. (required)
  body: object, The request body.
    The object takes the form of:

{ # `ServicePerimeter` describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the `ServicePerimeter`. If a request with a source within this `ServicePerimeter` has a target outside of the `ServicePerimeter`, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud project can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members, a single Google Cloud project may belong to multiple Service Perimeter Bridges.
  &quot;description&quot;: &quot;A String&quot;, # Description of the `ServicePerimeter` and its use. Does not affect behavior.
  &quot;name&quot;: &quot;A String&quot;, # Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
  &quot;perimeterType&quot;: &quot;A String&quot;, # Perimeter type indicator. A single project is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, restricted/unrestricted service lists as well as access lists must be empty.
  &quot;status&quot;: { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that describe specific Service Perimeter configuration. # Current ServicePerimeter configuration. Specifies sets of resources, restricted/unrestricted services and access levels that determine perimeter content and boundaries.
    &quot;accessLevels&quot;: [ # A list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `&quot;accessPolicies/MY_POLICY/accessLevels/MY_LEVEL&quot;`. For Service Perimeter Bridge, must be empty.
      &quot;A String&quot;,
    ],
    &quot;resources&quot;: [ # A list of Google Cloud resources that are inside of the service perimeter. Currently only projects are allowed. Format: `projects/{project_number}`
      &quot;A String&quot;,
    ],
    &quot;restrictedServices&quot;: [ # Google Cloud services that are subject to the Service Perimeter restrictions. Must contain a list of services. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter&#x27;s access restrictions.
      &quot;A String&quot;,
    ],
    &quot;unrestrictedServices&quot;: [ # Google Cloud services that are not subject to the Service Perimeter restrictions. Deprecated. Must be set to a single wildcard &quot;*&quot;. The wildcard means that unless explicitly specified by &quot;restricted_services&quot; list, any service is treated as unrestricted.
      &quot;A String&quot;,
    ],
    &quot;vpcAccessibleServices&quot;: { # Specifies how APIs are allowed to communicate within the Service Perimeter. # Beta. Configuration for APIs allowed within Perimeter.
      &quot;allowedServices&quot;: [ # The list of APIs usable within the Service Perimeter. Must be empty unless &#x27;enable_restriction&#x27; is True. You can specify a list of individual services, as well as include the &#x27;RESTRICTED-SERVICES&#x27; value, which automatically includes all of the services protected by the perimeter.
        &quot;A String&quot;,
      ],
      &quot;enableRestriction&quot;: True or False, # Whether to restrict API calls within the Service Perimeter to the list of APIs specified in &#x27;allowed_services&#x27;.
    },
  },
  &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
}

  updateMask: string, Required. Mask to control which fields get updated. Must be non-empty.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a network API call.
  &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
  &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
    &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
    &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
      {
        &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
      },
    ],
    &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
  },
  &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
  },
  &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
  &quot;response&quot;: { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
  },
}</pre>
</div>

</body></html>